Chapter 8. Abusing the Runtime Library

As you’ve learned, Objective-C functions at a higher level than C, and uses very basic functions and C-style structures behind the scenes to build a messaging framework. In Chapter 7, you learned how to intercept and manipulate messages, using tools like Cycript, to manipulate the runtime environment of an Objective-C application from a simple script interpreter. In this chapter, we’ll pull the curtain back a little more to break the application down to its native functions and structures, and explore debugging and disassembly.

Breaking Objective-C Down

The sample HelloWorld program you were introduced to in Chapter 7 came in two flavors: a high-level Objective-C version, and a more low-level C version. The Objective-C version used the Objective-C syntax to invoke four messages on the SaySomething class: alloc, init, say, and release.

SaySomething *saySomething = [ [ SaySomething alloc ] init ];
  [ saySomething say: @"Hello, world!" ];
  [ saySomething release ];

These four messages were also demonstrated in C:

objc_msgSend(
    objc_msgSend(
        objc_msgSend(
            objc_msgSend(
                objc_getClass("SaySomething"), NSSelectorFromString(@"alloc")),
                NSSelectorFromString(@"init")),
         NSSelectorFromString(@"say:"), @"Hello, world!"),
    NSSelectorFromString(@"release:"));

The objc_msgSend function is probably the most significant component of the Objective-C framework, and is responsible for making the entire runtime do something. This function is used to send messages to objects ...

Get Hacking and Securing iOS Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.